Posted to users@cxf.apache.org by samyem <sa...@gmail.com> on 2011/09/02 21:55:53 UTC

NTLM security between WCF and CXF

I'm trying to use NTLM to secure a WCF web service that is to be called from
CXF. I'm using .NET 4 and CXF 2.4.2. On an earlier version of CXF, I had
been successful in using NTLM authentication using the jcifs library as
described in 
http://cxf.apache.org/docs/client-http-transport-including-ssl-support.html

It appears that now with the newer version, things have changed and that
technique no longer seems to work. On WCF, I got the binding defined as:
<basicHttpBinding>
  <binding name="serviceBinding">
    <security mode="TransportCredentialOnly">
      <transport clientCredentialType="Ntlm" proxyCredentialType="None" realm=""/>
    </security>
  </binding>
</basicHttpBinding>

On the Java side, I got the proxy generated and the client side code has the
jcifs code:
        jcifs.Config.setProperty("jcifs.smb.client.domain", domain.toLowerCase());
        jcifs.Config.setProperty("jcifs.netbios.wins", hostname);
        jcifs.Config.setProperty("jcifs.smb.client.soTimeout", "300000");

        // 20 minutes
        jcifs.Config.setProperty("jcifs.netbios.cachePolicy", "1200");
        jcifs.Config.setProperty("jcifs.smb.client.username", user);
        jcifs.Config.setProperty("jcifs.smb.client.password", password);

        jcifs.Config.registerSmbURLHandler();
...
        Client client = ClientProxy.getClient(port);
        HTTPConduit http = (HTTPConduit) client.getConduit();
        HTTPClientPolicy httpClientPolicy = new HTTPClientPolicy();
        httpClientPolicy.setConnectionTimeout(36000);
        httpClientPolicy.setAllowChunking(false);
        http.setClient(httpClientPolicy);

...

When I run the Java client, I get this:

Sep 2, 2011 1:44:33 PM org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl handleNoRegisteredBuilder
WARNING: No assertion builder for type {http://schemas.microsoft.com/ws/06/2004/policy/http}NtlmAuthentication registered.
Exception in thread "main" org.apache.cxf.ws.policy.PolicyException: None of the policy alternatives can be satisfied.
	at org.apache.cxf.ws.policy.EndpointPolicyImpl.chooseAlternative(EndpointPolicyImpl.java:165)
	at org.apache.cxf.ws.policy.EndpointPolicyImpl.finalizeConfig(EndpointPolicyImpl.java:145)
	at org.apache.cxf.ws.policy.EndpointPolicyImpl.initialize(EndpointPolicyImpl.java:141)
	at org.apache.cxf.ws.policy.PolicyEngineImpl.createEndpointPolicyInfo(PolicyEngineImpl.java:555)
	at org.apache.cxf.ws.policy.PolicyEngineImpl.getEndpointPolicy(PolicyEngineImpl.java:301)
	at org.apache.cxf.ws.policy.PolicyEngineImpl.getClientEndpointPolicy(PolicyEngineImpl.java:283)
	at org.apache.cxf.transport.http.policy.PolicyUtils.getClient(PolicyUtils.java:150)
	at org.apache.cxf.transport.http.HTTPConduit.<init>(HTTPConduit.java:304)
	at org.apache.cxf.transport.http.ClientOnlyHTTPTransportFactory.getConduit(ClientOnlyHTTPTransportFactory.java:63)
	at org.apache.cxf.transport.http.ClientOnlyHTTPTransportFactory.getConduit(ClientOnlyHTTPTransportFactory.java:50)
	at org.apache.cxf.binding.soap.SoapTransportFactory.getConduit(SoapTransportFactory.java:228)
	at org.apache.cxf.endpoint.AbstractConduitSelector.getSelectedConduit(AbstractConduitSelector.java:88)
	at org.apache.cxf.endpoint.UpfrontConduitSelector.selectConduit(UpfrontConduitSelector.java:71)
	at org.apache.cxf.endpoint.ClientImpl.getConduit(ClientImpl.java:814)


Thus failing as soon as client.getConduit() is called. I have not found any
working example of what's the proper way of using NTLM with CXF. Any help?

Thanks,
Samyem

--
View this message in context: http://cxf.547215.n5.nabble.com/NTLM-security-between-WCF-and-CXF-tp4763671p4763671.html
Sent from the cxf-user mailing list archive at Nabble.com.

Re: NTLM security between WCF and CXF

Posted by samyem <sa...@gmail.com>.
And saw that Microsoft's response on CXF interop is that they don't test
against CXF currently: http://wcf.codeplex.com/discussions/261520



Re: NTLM security between WCF and CXF

Posted by samyem <sa...@gmail.com>.
I noticed that there is a CXF supplied AssertionBuilder for KerberosToken at

https://svn.apache.org/repos/asf/cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/KerberosTokenBuilder.java

which gave me a hint to attempt to modify the binding configuration in WCF
using the WCF interop express <http://wcf.codeplex.com/releases/view/68276> as:

<wso2InteropBinding>
  <binding name="serviceBinding">
    <security pattern="Kerberos" />
  </binding>
</wso2InteropBinding>

which adds the "KerberosToken" policy in the WSDL and this removed the "No
assertion builder for type" warning from CXF, but it still failed with "None
of the policy alternatives can be satisfied." Would there be another
alternative policy that the WCF interop binding can work with? I've added a
new issue on WCF's side as well: http://wcf.codeplex.com/workitem/71



Re: NTLM security between WCF and CXF

Posted by Daniel Kulp <dk...@apache.org>.
On Wednesday, September 07, 2011 11:16:47 AM samyem wrote:
> Hi Daniel,
> I had not thought about that and now voilà - with the policy element taken
> out of the WSDL manually, the NTLM works even without a
> "jcifs.Config.registerSmbURLHandler()" under JDK 1.5. So is there a way to
> get CXF to work with the Policy tags as is in the WSDL? 

You would need to write the WS-Policy support for it for CXF. If interested,
this is something that you could submit back to CXF once you get it working.

Some overview: 
 http://cxf.apache.org/docs/ws-policy-framework-overview.html
 (although some of that may be out of date)


Basically, you would write an NTLMToken object and an NTLMTokenBuilder. You
could use the Https versions in:

http://svn.apache.org/repos/asf/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/
http://svn.apache.org/repos/asf/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/

as starting points. Then write an InterceptorProvider for it that would
provide an interceptor that would verify that NTLM was being used and such and 
assert the policies.  Example again would be HTTPS:

http://svn.apache.org/repos/asf/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors


Dan



-- 
Daniel Kulp
dkulp@apache.org
http://dankulp.com/blog
Talend - http://www.talend.com

Re: NTLM security between WCF and CXF

Posted by samyem <sa...@gmail.com>.
Hi Daniel,
I had not thought about that and now voilà - with the policy element taken
out of the WSDL manually, the NTLM works even without a
"jcifs.Config.registerSmbURLHandler()" under JDK 1.5. So is there a way to
get CXF to work with the Policy tags as is in the WSDL? I got the following
test code on the WCF side:

public static void Main(){
  Uri baseAddress = new Uri("http://localhost/cxfTest");

  using (ServiceHost host = new ServiceHost(typeof(Service1), baseAddress))
  {
    ServiceMetadataBehavior smb = new ServiceMetadataBehavior();
    smb.HttpGetEnabled = true;
    smb.MetadataExporter.PolicyVersion = PolicyVersion.Policy15;
    host.Description.Behaviors.Add(smb);

    BasicHttpBinding httpBinding = new BasicHttpBinding();
    httpBinding.Security.Mode = BasicHttpSecurityMode.TransportCredentialOnly;
    httpBinding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Windows;
    host.AddServiceEndpoint(typeof(IService1), httpBinding, baseAddress);

    host.Credentials.UserNameAuthentication.UserNamePasswordValidationMode =
        UserNamePasswordValidationMode.Windows;

    host.Open();

    Console.WriteLine("Service running at {0}", baseAddress);
    Application.Run();
    host.Close();
  }
}

Which adds the policy tags in WSDL as:

	<wsp:Policy wsu:Id="BasicHttpBinding_IService1_policy">
		<wsp:ExactlyOne>
			<wsp:All>
				<http:NegotiateAuthentication
					xmlns:http="http://schemas.microsoft.com/ws/06/2004/policy/http" />
			</wsp:All>
		</wsp:ExactlyOne>
	</wsp:Policy>

When this tag is manually commented out and the references to it removed,
then CXF was happy and the WCF service was also able to pick up the NTLM
context at OperationContext.Current.ServiceSecurityContext.WindowsIdentity.
But keeping the WSDL with the Policy tag produces the original exception.


Re: NTLM security between WCF and CXF

Posted by Daniel Kulp <dk...@apache.org>.
On Tuesday, September 06, 2011 1:35:57 PM samyem wrote:
> Thanks for the quick reply. I've actually done clean builds and the problem
> persists. 

Has nothing to do with clean builds... What I'm suggesting is to grab the
WSDL from the service and clean out any policies in there so you start with a
straight WSDL without any WS-Policy fragments in it. If you start from that,
you may at least get the NTLM auth stuff working.

Dan



-- 
Daniel Kulp
dkulp@apache.org
http://dankulp.com/blog
Talend - http://www.talend.com

Re: NTLM security between WCF and CXF

Posted by samyem <sa...@gmail.com>.
Thanks for the quick reply. I've actually done clean builds and the problem
persists. I think I am missing some critical pieces here dealing with
WS-SecurityPolicy for NtlmAuthentication that arise from the WCF's binding.
Using either clientCredentialType="Ntlm" or clientCredentialType="Windows"
does not work and CXF complains about having no assertion builder for the
corresponding types.

Since then I've attempted to use the WCF Express Interop library at:
http://wcf.codeplex.com/wikipage?title=WCF%20Express%20Interop%20Bindings
and tried to use the wso2InteropBinding and metroBinding but both do not
seem to work. With wso2InteropBinding and clientCredentialType="Windows" the
assertion builder was looking for NtlmToken and it failed on that.

Now I'm trying to see if the code at
http://svn.apache.org/repos/asf/cxf/sandbox/interopfest is going to be any
help but I have not yet found an example that works against Windows/NTLM
authentication, which is what I'm looking for.


Re: NTLM security between WCF and CXF

Posted by Daniel Kulp <dk...@apache.org>.

This exception is due to the WSDL that is being used likely having a custom MS
defined policy extension in it. If you grab the wsdl and use a "clean"
version, your code likely should work.

Dan


-- 
Daniel Kulp
dkulp@apache.org
http://dankulp.com/blog
Talend - http://www.talend.com
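
The "clean WSDL" workaround suggested above can be scripted rather than edited by hand. This is an added example, not code from the thread or from CXF: the function name and the sample WSDL are constructed, and it drops a policy only when every assertion in it comes from the http://schemas.microsoft.com/ws/06/2004/policy/http namespace quoted in the thread, so any other policy requirement stays visible to the client.

```python
"""Strip WCF transport-auth WS-Policy from a local WSDL copy (added example)."""
from xml.dom import Node, minidom

# WS-Policy 1.2 and 1.5; the service in the thread exports PolicyVersion.Policy15.
WSP_NS = ("http://schemas.xmlsoap.org/ws/2004/09/policy",
          "http://www.w3.org/ns/ws-policy")
WSU_NS = ("http://docs.oasis-open.org/wss/2004/01/"
          "oasis-200401-wss-wssecurity-utility-1.0.xsd")
# Namespace of the NtlmAuthentication / NegotiateAuthentication assertions.
MS_HTTP_NS = "http://schemas.microsoft.com/ws/06/2004/policy/http"
OPERATORS = {"Policy", "ExactlyOne", "All"}

# Constructed sample; only the first policy mirrors the WSDL quoted in the thread.
SAMPLE_WSDL = """<wsdl:definitions name="Service1"
    targetNamespace="http://tempuri.org/"
    xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
    xmlns:tns="http://tempuri.org/"
    xmlns:wsp="http://www.w3.org/ns/ws-policy"
    xmlns:wsam="http://www.w3.org/2007/05/addressing/metadata"
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
  <wsp:Policy wsu:Id="BasicHttpBinding_IService1_policy">
    <wsp:ExactlyOne><wsp:All>
      <http:NegotiateAuthentication
          xmlns:http="http://schemas.microsoft.com/ws/06/2004/policy/http"/>
    </wsp:All></wsp:ExactlyOne>
  </wsp:Policy>
  <wsp:Policy wsu:Id="Addressing_policy">
    <wsp:ExactlyOne><wsp:All><wsam:Addressing/></wsp:All></wsp:ExactlyOne>
  </wsp:Policy>
  <wsdl:binding name="BasicHttpBinding_IService1" type="tns:IService1">
    <wsp:PolicyReference URI="#BasicHttpBinding_IService1_policy"/>
    <wsp:PolicyReference URI="#Addressing_policy"/>
  </wsdl:binding>
</wsdl:definitions>"""


def _leaf_assertions(node):
    """Yield (namespace, local name) of each assertion below the policy operators."""
    for child in node.childNodes:
        if child.nodeType != Node.ELEMENT_NODE:
            continue
        if child.namespaceURI in WSP_NS and child.localName in OPERATORS:
            yield from _leaf_assertions(child)
        else:
            yield child.namespaceURI, child.localName


def strip_transport_auth_policy(wsdl_text):
    """Return (cleaned_wsdl, removed); removed maps policy Id -> assertion names."""
    # minidom keeps the original xmlns declarations, so QName attribute values
    # such as type="tns:IService1" still resolve after serialisation.
    doc = minidom.parseString(wsdl_text)
    removed = {}
    for ns in WSP_NS:
        for pol in list(doc.getElementsByTagNameNS(ns, "Policy")):
            pid = pol.getAttributeNS(WSU_NS, "Id")
            found = list(_leaf_assertions(pol))
            # Drop a policy only if *all* its assertions are transport-auth ones;
            # a mixed policy is left alone so nothing else is silently waived.
            if pid and found and all(a_ns == MS_HTTP_NS for a_ns, _ in found):
                removed[pid] = [name for _, name in found]
                pol.parentNode.removeChild(pol)
    for ns in WSP_NS:
        for ref in list(doc.getElementsByTagNameNS(ns, "PolicyReference")):
            uri = ref.getAttribute("URI")
            if uri.startswith("#") and uri[1:] in removed:
                ref.parentNode.removeChild(ref)
    return doc.toxml(), removed


if __name__ == "__main__":
    cleaned, removed = strip_transport_auth_policy(SAMPLE_WSDL)
    for policy_id, names in removed.items():
        print("removed", policy_id, names)
    print(cleaned)
```

Only the client's copy of the contract changes; the WCF endpoint still requires the transport credential configured in its binding.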

Re: NTLM security between WCF and CXF

Posted by samyem <sa...@gmail.com>.
Also to add more info, I'm on IBM JDK 1.5 as it is hosted on WebSphere 6.1.
